Title: Verifying application security vulnerabilities

Abstract: Verifying application security vulnerabilities includes receiving a source code to analyze, performing a static analysis using the received source code and generating a vulnerability call trace for the received source code. Responsive to a determination that all static analysis results are not validated, mock objects are generated using the vulnerability call trace and a unit test is created using the generated mock objects. The unit test is executed using the generated mock objects and, responsive to a determination that an identified vulnerability was validated, a next static analysis result is selected. Responsive to a determination that all static analysis results are validated, results and computed unit tests are reported.

Publication number: US9160762(B2)
Publication date: 2015.10.13
Application number: US201414574790
Filing date: 2014.12.18
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Brake Nevon C.; Ionescu Paul; Onut Iosif Viorel; Peyton, Jr. John T.; Smith Wayne Duncan
Classification: H04L29/06
Main classification: H04L29/06
Agency: Cuenot, Forsythe & Kim, LLC
Agent: Cuenot, Forsythe & Kim, LLC

Main claim:
1. A computer-implemented process for verifying application security vulnerabilities of a source code, comprising:
generating, responsive to all static analysis results not being validated, mock objects using a vulnerability call trace for the source code; creating a unit test using the generated mock objects; executing the unit test using the generated mock objects to determine whether an identified vulnerability was validated; and selecting, responsive to a determination that the identified vulnerability was validated, a next static analysis result.

Address: Armonk NY US